I have to say that I'm stunned by the article, video, and repo by Karsten Hahn, which talk about a technique that uses harmless parts of malware to stop the infection and prevent the malware from working correctly, nullifying some or all of the damage.

Malware vaccines use infection markers, bad inputs, and exclusion techniques, among others, to trick malware into failing: the techniques can cause buffer overflows, malfunctioning communication with its servers, prevention of encryption of crucial system files, etc.

We can think of many situations where we could plant DLLs that "compete" with the malware's services, add extra OS languages (some families refuse to run on certain locales), create scheduled tasks that keep watch over common ports and OS processes…
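As an added example of the infection-marker idea from the paragraphs above (this is not code from Karsten Hahn's repo, which is specific to STOP/DJVU): a generic vaccine in Python that plants marker files a malware family checks before running. The marker names and contents are constructed placeholders; a real vaccine would substitute the markers documented for the family it targets. It creates the markers read-only, refuses to overwrite a file that already exists with unknown content (which may be evidence of a real infection and should be inspected rather than clobbered), and can be undone.

```python
"""Infection-marker vaccine, added as an illustration of the technique.

Not code from Karsten Hahn's repository; the marker file names below are
constructed placeholders, not STOP/DJVU artifacts.
"""
import stat
import tempfile
from pathlib import Path

# Constructed placeholders: a real vaccine uses the exact marker files,
# mutex names or registry keys documented for one malware family.
MARKERS = {
    "example_infection.lock": b"vaccinated\n",
    "example_victim_id.txt": b"VACCINE-PLACEHOLDER-ID\n",
}


def plant_markers(base: Path, markers: dict = MARKERS) -> dict:
    """Create every marker under `base` as a read-only file.

    Returns a mapping name -> status:
      'planted'          the marker was created by this run
      'already_present'  our own marker was found (vaccine ran before)
      'kept_foreign'     a file with that name but other content exists;
                         it may be a real infection artifact, so it is
                         left untouched for an analyst to inspect
    """
    base.mkdir(parents=True, exist_ok=True)
    status = {}
    for name, content in markers.items():
        path = base / name
        if path.exists():
            status[name] = "already_present" if path.read_bytes() == content else "kept_foreign"
            continue
        path.write_bytes(content)
        # Read-only for everyone: a marker the malware cannot trivially
        # overwrite or delete without extra privileges.
        path.chmod(stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH)
        status[name] = "planted"
    return status


def is_vaccinated(base: Path, markers: dict = MARKERS) -> bool:
    """True when every marker is present with the vaccine's own content."""
    return all(
        (base / name).is_file() and (base / name).read_bytes() == content
        for name, content in markers.items()
    )


def remove_markers(base: Path, markers: dict = MARKERS) -> int:
    """Undo the vaccine (restoring write permission first); returns count removed.

    Only files carrying the vaccine's own content are removed; anything
    else at a marker path is left alone."""
    removed = 0
    for name, content in markers.items():
        path = base / name
        if path.is_file() and path.read_bytes() == content:
            path.chmod(stat.S_IRUSR | stat.S_IWUSR)
            path.unlink()
            removed += 1
    return removed


def demo() -> dict:
    """Run the full cycle in a temporary directory and return what was observed."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "vaccine"
        first = plant_markers(base)            # both markers planted
        vaccinated = is_vaccinated(base)       # True
        second = plant_markers(base)           # both already present
        removed = remove_markers(base)         # 2
        # Simulate an unknown, pre-existing file at one marker path (constructed)
        foreign = base / "example_victim_id.txt"
        foreign.write_bytes(b"some-other-content\n")
        third = plant_markers(base)            # one planted, one kept_foreign
        remove_markers(base)                   # leaves the foreign file alone
        foreign.unlink()                       # clean up the simulation
        return {"first": first, "vaccinated": vaccinated, "second": second,
                "removed": removed, "third": third}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run the module directly to see the status of each step; in practice you would call `plant_markers` with the real marker directory for the family in question and feed the `kept_foreign` results into your incident-response process, since they indicate something already wrote to a path the malware uses.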

https://github.com/struppigel/STOP-DJVU-Ransomware-Vaccine

Following the repo's example, which prevents STOP/DJVU ransomware from encrypting files: it does not prevent the encryption of every file, but it gives you an edge to revert the process and keep your key files safe.

Enjoy!

--

Henrique Cabral

Express, one shot content, all about Cyber Security